Put a hash-table of "interesting" fields in the per-proto-tree data.
The dfilter code records which fields/protocols are "interesting" (by which
I mean, their value or existence is checked). Thus, the proto_tree routines
can create special arrays of field_info*'s that are ready for the dfilter
engine to use during a filter operation.
Also store the "proto_tree_is_visible" boolean, renamed "visible", in
the per-proto-tree data.
Move epan_dissect_t to its own header file to make #include dependencies
easier to handle.
Provide epan_dissect_fill_in_columns(), which accepts just the epan_dissect_t*
as an argument.
epan_dissect_new() needs to be followed by epan_dissect_run() for the
dissection to actually take place. Between those two calls,
epan_dissect_prime_dfilter() can be run 0, 1, or multiple times in order to
prime the empty proto_tree with the "intersesting" fields from the dfilter_t.
svn path=/trunk/; revision=4422
display representation should be put into protocol tree items if a
protocol tree is to be constructed; have it set "proto_tree_is_visible"
from that argument.
svn path=/trunk/; revision=4408
fix a bogus batch mode inference rule of make, so that
"vc60.pdb" files are created in the proper directory;
delete ".pdb" files in a "nmake -f Makefile.nmake clean";
include the text2pcap and mergecap ".pdb" files in the Windows
binary distribution.
svn path=/trunk/; revision=4385
structure to the "packet_info" structure; only stuff that's permanently
stored with each frame should be in the "frame_data" structure, and the
"column_info" structure is not guaranteed to hold the column values for
that frame at all times - it was only in the "frame_data" structure so
that it could be passed to dissectors, and, as all dissectors are now
passed a pointer to a "packet_info" structure, it could just as well be
put in the "packet_info" structure.
That saves memory, by shrinking the "frame_data" structure (there's one
of those per frame), and also lets us clean up the code a bit.
svn path=/trunk/; revision=4370
specifies how the selector values used as keys in those tables are to be
displayed, and the title to use when displaying the table.
Use that information in the code to display the initial and current
entries of various dissector tables.
Have the dissector for BACnet APDUs register itself by name, and have
the BACnet NPDU dissector call it iff the BAC_CONTROL_NET bit isn't set,
rather than doing it with a dissector table.
svn path=/trunk/; revision=4358
the "The Compiler and Tools" section on
http://fink.sourceforge.net/doc/porting/basics.php
Do so on MacOS X regardless of whether the compiler is called "gcc" or
not, as that page also indicates that the compiler is installed as "cc".
svn path=/trunk/; revision=4354
the parent under which the field was registered.
This is the *unoptimized* version, to give developers something
to use while the optimized version is being created.
svn path=/trunk/; revision=4351
already contain a pointer to an epan_dissect_t, which contains
the proto_tree.
Routines calling epan_dissect_new() do not create their own
proto_tree via proto_tree_create_root(); instead, they pass a boolean
to epan_dissect_new() telling it whether it should create the root
proto_tree.
svn path=/trunk/; revision=4343
plugin APIs, and add the new "dissector_add_handle()".
Add an entry in the dissector table structure for
"create_dissector_handle".
svn path=/trunk/; revision=4314
pointer to a "struct dissector_table", containing a pointer to a hash
table and a pointer to a list of handles. Fix
"dissector_all_tables_foreach_func()" to understand that.
svn path=/trunk/; revision=4312
dissector table contain both a hash table, to use to look up port
numbers to find a dissector, and a list of all dissectors that *could*
be assigned to ports in that hash table, to be used by user interface
code.
Make the "Decode As" dialog box code use that.
Also make it *not* let you choose whether to set the dissector for both
the UDP and TCP versions of a port; some protocols run only atop TCP,
some run only atop UDP, and even those that can run atop both may have
different dissector handles to use over TCP and UDP, so handling a
single merged list would be a mess. (If the user is setting the
dissector for a TCP port, only those protocols that Ethereal can handle
over TCP should be listed; if the user is setting the dissector for a
UDP port, only those protocols that Ethereal can handle over TCP should
be listed; if the user is setting a dissector for both, only those
protocols that Ethereal can handle over *both* TCP *and* UDP should be
listed, *and* there needs to be a way to let the "Decode As" code get
both the TCP handle *and* the UDP handle and use the right ones. If
somebody really wants that, they need to implement all of the above if
they want the code to be correct.)
Fix the code that handles setting the dissection for the IP protocol
number to correctly update the lists of protocols being dissected as TCP
and as UDP; the code before this change wasn't updating the single such
list to add new protocols.
svn path=/trunk/; revision=4311
if found, return the dissector handle for that port.
Use that routine in the X.25 dissector; revert to attaching a dissector
handle to an X.25 virtual circuit.
svn path=/trunk/; revision=4310
take a dissector handle as an argument, rather than a pointer to a
dissector function and a protocol ID. Associate dissector handles with
dissector table entries.
svn path=/trunk/; revision=4308
1. Changes how can_desegment works so that can_desegment is
only != 0 for whichever dissector is running immediately on
top of whoever offers the can_desegment service.
Thus DCERPC needs no special handling to see if it can trust
can_desegment (which is currently only available ontop of TCP
and not ontop of tcp->nbss->smb).
2. Changes fragment reassembly of transaction smb to only show
the defragmented packet for the transaction smb holding the
first fragment.
To see why, test it with a transaction SMB containing a ~60kb
PDU or larger. The old behaviour had approximately quadratic
behaviour regarding runtime for dissecting such PDUs.
(example: NetShareEnum is a command which can grow really really
large if the number of shares and comments are large)
svn path=/trunk/; revision=4296
than a pointer to a dissector function, as an argument.
This means that the conversation dissector is called through
"call_dissector()", so the dissector itself doesn't have to worry about
checking whether the protocol is enabled or setting
"pinfo->current_proto", so get rid of the code that does that in
conversation dissectors. Also, make the conversation dissectors static.
Get rid of some direct calls to dissectors; replace them with calls
through handles, and, again, get rid of code to check whether a protocol
is enabled and set "pinfo->current_proto" where that code isn't needed.
Make those dissectors static if they aren't already static.
Add a routine "create_dissector_handle()" to create a dissector handle
without registering it by name, if the dissector isn't used outside the
module in which it's defined.
svn path=/trunk/; revision=4281
from being required by anyone other than packet-data.c.
It can now be accessed with call_dissector() with the name "data".
dissect_data is now also of dissect_t.
svn path=/trunk/; revision=4271
access their own "pinfo". A packet_info is stored in epan_dissect_t,
which is created for the dissection of a single packet.
GUI functions which need to access the packet_info of the currently
selected packet used to use "pi"; now they use cfile.edt->pi. cfile's
"edt" member is the epan_dissect_t of the currently-selected packet.
The functionality of blank_packetinfo() was moved into
dissect_packet(), as that's the only place that called blank_packetinfo(),
after a spurious call to blank_packetinfo() was removed from
packet_list_select_cb().
svn path=/trunk/; revision=4246
of packet data captured.
Make the "BYTES_ARE_IN_FRAME()" macro take a "captured length of the
packet" argument.
Add some length checks to capture routines.
svn path=/trunk/; revision=4235
if (and only if) the length of the item being added is 0 (so that it has
no data backing it).
This means the data stream name pointer for the item in question is
null; make sure we handle that.
Use that for some "uses the value from the matching request" fields in
the SMB Pipe protocol.
svn path=/trunk/; revision=4231
structure, the check for a null tvbuff pointer in "alloc_field_info()",
and the "tvb_create_from_top()" macro; they're no longer needed, as
there's no non-tvbuffified dissector code remaining.
svn path=/trunk/; revision=4205
Fix up Info column to put "Request" or "Response" *after* the name of
the request.
Give the Negotiate Protocol request its full name.
svn path=/trunk/; revision=4139
"ds_name"s shouldn't be freed when the tvbuff is freed. (Thanks and a
tip of the Hatlo hat to the FreeBSD memory allocator for complaining
about multiple frees of the same string.)
svn path=/trunk/; revision=4136
FT_INT64 type, and make the Diameter dissector use it.
Handle the 64-bit integer types in the display filter semantics checks.
svn path=/trunk/; revision=4125
It makes no difference if they really are function declarations;
however, in plugins, when building on OSes that don't let
dynamically-loaded modules access functions in the main program (e.g.,
Windows), when compiling a plugin, <plugin_api.h> defines the names of
those functions as (*pointer_name), so they turn into declarations of
pointer variables pointing to the functions in question, and, on
platforms with a def/ref model in the linker, if a plugin has more than
one source file that gets linked into the plugin, the linker may get
upset at two definitions of the same variable.
svn path=/trunk/; revision=4114
former depends on having "guint64" and the latter depends on
"%ll[douxX]" being what's used to print 64-bit integers, and there are
platforms on which Etheeal runs that don't have "guint64" or that don't
use "%ll[douxX]" to print 64-bit integers.
Get rid of the routines to extract 64-bit integers into "gint64"s and
"guint64"s, as per Ronnie Sahlberg's suggestion, to discourage people
from writing code that won't work on all platforms; they should be using
FT_UINT64, or the routines in "int-64bit.c", instead.
svn path=/trunk/; revision=4102
without requiring compiler support for them, and updates to the
Diameter, L2TP, NFS, and NLM dissectors to use it and to the ONC RPC
dissector to allow ONC RPC subdissectors to use it.
svn path=/trunk/; revision=4099
"snprintf()" returns a negative number, that's an error, and we assume
"errno" was set and return NULL, otherwise we cast its return value to
"size_t" and compare it with the size of the buffer we were given, and,
if it was bigger, we know that "snprintf()" didn't generate all the
characters it could be cause they wouldn't have fit, so we set "errno"
to ENOSPC and return NULL.
svn path=/trunk/; revision=4095
doesn't exist, or is out of date with respect to "config.h.win32", it's
remade - stuff in "ftypes" and "dfilter" includes "config.h", and it
should get the "config.h" in "epan".
svn path=/trunk/; revision=4091
there were 2 functions which accepted 'maxlength' == -1, but the function
prototypes had maxlength as a guint --- fixed.
svn path=/trunk/; revision=4087
and generates the path name; have it, if the file is to be opened for
reading on Win32, check whether it exists and, if not, check for it in
the old home directory-based configuration directory and, if so, return
that path instead, so that files saved with earlier versions of Ethereal
will be seen.
svn path=/trunk/; revision=4072
On Windows, put the ".ethereal" directory under the user profile
directory rather than the home directory.
Update the documentation to reflect that, and to fix other out-of-date
information, as well as some typos.
svn path=/trunk/; revision=4068
Use that routine rather than duplicating that code in the routines to
write out the preference file and filter files.
Use it in the code for the color filter dialog, so that the directory in
question is created if necessary.
As that routine returns an error indication, have the code that calls
that routine put up a message box if the attempt fails.
svn path=/trunk/; revision=4065
".ethereal" directory is under it; get rid of "get_home_dir()", and put
its code inside "get_persconffile_dir()". (The personal configuration
file directory may move, on Windows, to the user's profile directory.)
svn path=/trunk/; revision=4062
reside. Use it, rather than concatenating the user's home directory and
".ethereal" in a number of files.
Fix up some additional places to use G_DIR_SEPARATOR_S as the pathname
separator.
svn path=/trunk/; revision=4061
strings used to generate pathnames.
Move the definition of PF_DIR from <epan/epan.h> to <epan/filesystem.h>,
so that files requiring only the definition of PF_DIR don't have to
include <epan/epan.h>, and get rid of no-longer-necessary includes of
<epan/epan.h>.
Add a routine to get the directory for "system files" such as
"/etc/ethers" - it's "/etc" on UNIX, and the datafile directory on
Windows (as there's no "/etc" on Windows). Use that to construct the
pathname of the ethers and ipxnet files.
svn path=/trunk/; revision=4056
which the Ethereal binary is found; there's no notion of "/etc" or of
"/etc/ethers" or "/etc/ipxnets" files on Windows.
Update the documentation to reflect that, and fix a typo in the Ethereal
and Tethereal man pages.
svn path=/trunk/; revision=4055
stuff currently being dissected is part of a packet included in an error
packet (e.g., an ICMP Unreachable packet). Have the TCP dissector not
bother doing reassembly if the TCP segment is part of an error packet,
rather than an actual TCP transmission; other dissectors might want to
treat those packets specially as well.
Add to the "tcpinfo" structure a flag indicating whether the URG flag
was set, rather than having the zero or non-zero value of the urgent
pointer indicate that. (Yes, at least as I read RFC 793, a zero urgent
pointer value isn't useful, as it means "the stuff before this segment
is urgent", but it's certainly possible to put onto the wire a TCP
segment with URG set and a zero urgent pointer.)
Don't dissect the TCP header by grabbing the entire header with
"tvb_memcpy()" and then pulling stuff out of it - extract stuff with
individual tvbuff calls, and put stuff into the protocol tree and the
Info column as we extract it, so that we can dissect a partial header.
This lets us, for example, get the source and destination ports from the
TCP header of the part of a TCP segment included in a minimum-length
ICMPv4 error packet.
svn path=/trunk/; revision=3986
on it and check whether it returned EISDIR, not whether it returns 0 -
EISDIR means it's a directory, 0 means it isn't.
svn path=/trunk/; revision=3939
dissectors to use it, from Ronnie Sahlberg, with additional changes to
handle the case where a frame contains messages that don't run past the
end followed by one that does and where a reassembled chunk has, at the
end, a message that runs past the end of that chunk (because the
reassembly was for an earlier message).
svn path=/trunk/; revision=3923
of protocol-id-plus-datum pairs, so that multiple protocols can attach
information to the same conversation.
Dissectors that attach information to a conversation should not assume
that if they find a conversation it has one of its data attached to it;
the conversation might've been created by another dissector.
svn path=/trunk/; revision=3901
that look up conversations in hash tables, unless they are arguments
that will be ignored; if they're not being ignored, then if the argument
is a null pointer you may get a crash if it's dereferenced, and if it's
not a null pointer you'll only get a match if the conversation has
whatever stuff the arguments points to as its first address or port.
If you match a conversation with a wildcarded address and/or port, and
the address and/or port matched a non-wildcarded search argument, and
the conversation is for a connection-oriented transport protocol, set
the wildcarded address and/or port for the conversation to the value
that matched it.
svn path=/trunk/; revision=3897
"try_conversation_dissector()" does - start with as exact matches as
possible, and then start doing wildcarding - so that it can find
conversations with wildcard addresses or ports even if both address and
port arguments are supplied to it.
svn path=/trunk/; revision=3893
"proto_item_set_text()" except that it appends the result of the
formatting to the item's current text, rather than replacing the item's
current text. Use it in the DNS dissector.
svn path=/trunk/; revision=3880
but, before you set the text, you throw an exception while putting stuff
under the subtree, you end up with an absolutely blank protocol tree
item, which is really gross. Instead of calling
"proto_tree_add_notext()", call "proto_tree_add_text()" with at least a
minimal label - yes, it does mean you do some work that will probably be
unnecessary, but, absent a scheme to arrange to do that work if it *is*
necessary (e.g., catching exceptions), the alternative is an ugly
protocol tree display.
svn path=/trunk/; revision=3879
directory in which global data files are stored. If an installed binary
is being run, that's the correct directory for them; if a build-tree
binary is being run, the "manuf" file will be there, and you can put
other data files there as well, if necessary.
Do the same with plugins, except that, if there's no
"plugins\\{version}" subdirectory of that directory, fall back on the
default installation directory, so you at least have a place where you
can put plugins for use by build-tree binaries. (Should we, instead,
have the Windows build procedure create a subdirectory of the "plugins"
source directory, with the plugin version number as its name, and copy
the plugins there, so you'd use the build-tree plugin binaries?)
Move "test_for_directory()" out of "util.c" and into
"epan/filesystem.c", with the other file system access portability
wrappers and convenience routines. Fix "util.h" not to declare it - or
other routines moved to "epan/filesystem.c" a while ago.
svn path=/trunk/; revision=3858
"standard" plugin directory, and, instead of getting PLUGIN_DIR (the
*real* installation directory) from the configure script, as can be done
in UNIX, attempt to get it by getting the full pathname of the currently
running program and assuming it's in the installation directory.
svn path=/trunk/; revision=3850
"void *" that a dissector can set to point to such a structure; that
means that the stuff in the epan directory doesn't have to know anything
about the protocol-specific private data one dissector passes to
another, and that structure doesn't have to be changed if a dissector
wants to pass some new type of data to another dissector.
svn path=/trunk/; revision=3818
fractions-of-a-second (the units of which are either milliseconds or
microseconds, specified by a Boolean argument), and formats it into a
"DD days, HH hours, MM minutes, SS seconds" using a buffer supplied to
it. Have "time_secs_to_str()" and "time_msecs_to_str()" both use it.
Also, have it correctly handle the case of SS being > 0 but < 1 (which
"time_msecs_to_str()" didn't do).
Rename "rel_time_to_str()" to "rel_time_to_secs_str()", and add a
"rel_time_to_str()" routine that takes a "struct timeval" and hands its
seconds and microseconds values to "time_secs_to_str_buf()". Use
"rel_time_to_secs_str()" to format FT_RELATIVE_TIME values for now; we
might want to use "rel_time_to_str()" for them, though, or make it an
option (either a user option, or a per-field option, using the field
that also holds BASE_ values).
svn path=/trunk/; revision=3806
Defect number: 0011
Date: Jul 26 2001
Releases of Kazlib affected: 1.10 through 1.19
Status: Fixed in 1.20
Modules affected: except.c
Description: Members of the except_t structure needed to be declared
volatile because the structure is automatically allocated in the
except macro, modified after a setjmp() takes place, and accessed
after control returns via longjmp.
Solution: Upgrade to 1.20 or backpatch the fix.
svn path=/trunk/; revision=3793
replace "--with-plugindir" with "--with-plugins", and have the
plugin directory optional - this allows plugins to be disabled;
add "--traditional-cpp" on MacOS X/Darwin (Apple's "cc" compiler
requires it, for some annoying reason, even though it is, as far
as I know, GCC-based, and other GCC's don't require it);
on MacOS X, don't use "pcap_version[]", as, for some annoying
reason, libpcap on MacOS X doesn't define it.
Clean up some whitespace in the help messages for the configure script.
Move the AM_CONDITIONAL for SETUID_INSTALL after the point at which
"enable_setuid_install" is set, as it tests "enable_setuid_install".
svn path=/trunk/; revision=3788
the "epan" directory, as well as the top-level directory, as there's
stuff in the "epan" directory that depends on that.
svn path=/trunk/; revision=3710
* gcc 3.0 warning fixes:
- text2pcap.c: The number of characters to scan should probably not be 0
- wiretap/csids.c: using preincrement on a variable used on both
sides of an assignment might be undefined by the C99(?) standard
* turn on additional warnings for epan and wiretap too
- epan/configure.in
- wiretap/configure.in
* Fix some warnings (missing includes, signed/unsigned, missing
initializers) found by turning on the warnings
- all other files :-)
svn path=/trunk/; revision=3709
"pinfo->{len,captured_len}"-adjusting currently done by the IP
dissector, make the IP dissector call that rather than doing the work
itself, make the IPv6 dissector call that rather than just adjusting the
tvbuff length itself, and make the IPX dissector call that rather than
just adjusting "pi.{len,captured_len}" itself.
This cleans things up a bit, and causes trailers to be properly reported
in IPX-over-Ethernet frames.
svn path=/trunk/; revision=3621
to imply that
1) conversations have source and destination addresses and ports
- they don't (if they did, they'd be monologues, not
conversations), they just have two address/port pairs for the
two endpoints, with one or more of the address or port in the
second pair possibly being wildcarded;
2) the first and second address or port argument to
"find_conversation()" or "try_conversation_dissector()" have
anything to do with the first or second address/port pair in
a conversation - they don't, the two arguments to those
routines are matched against *both* address/port pairs for a
conversation;
as otherwise people might think that they need to add flags to wildcard
the first arguments "conversation_new()" or "find_conversation()" (they
don't, they just have to pass the non-wildcarded address/port first and
then pass the wildcarded one, even if that means passing the destination
first and source second).
svn path=/trunk/; revision=3537
a "Match Selected" on it - we can't do a "Match Selected" if the field
has no value (e.g., FT_NULL) and has a length of 0.
If we unselect the current packet, we don't have a protocol tree, so we
don't have a currently selected field - clear the "Match Selected" menu
item and the display in the status line of information about the
currently selected field.
Move the low-level statusbar manipulation into "gtk/main.c", in routines
whose API doesn't expose anything GTK+-ish.
"close_cap_file()" calls one of those routines to clear out the status
bar, so it doesn't need to take a pointer to the statusbar widget as an
argument.
"clear_tree_and_hex_views()" is purely a display-manipulating routine;
move it to "gtk/proto_draw.c".
Extract from "tree_view_unselect_row_cb()" an "unselect_field()" routine
to do all the work that needs to be done if the currently selected
protocol tree row is unselected, and call it if the currently selected
packet list row is unselected (if it's unselected, there *is* no
protocol tree, so no row can be selected), as well as from
"tree_view_unselect_row_cb()".
Before pushing a new field-description message onto the statusbar, pop
the old one off.
Get rid of an unused variable (set, but not used).
svn path=/trunk/; revision=3513
structures as arguments, that evaluates to "true" if the two addresses
are equal and "false" if they're not equal. Use that macro in the
conversation code.
svn path=/trunk/; revision=3509
the glibc "strptime()" (modified so it doesn't require the rest of
glibc), set up the configure script to check for it, and set up
Makefile.am and Makefile.nmake to use it.
Get rid of NEED_MKSTEMP - nothing uses it.
svn path=/trunk/; revision=3500
Joerg Meyer.
Support for saving to the preferences file the settings for all types of
name resolution.
Do a case-insensitive check for "true" and "false" in Boolean preference
settings.
svn path=/trunk/; revision=3489
value.
Check that the microseconds field of an absolute time is valid, if it's
present.
Set "tm_isdst" in the "struct tm" handed to "mktime()" to -1, so that
"mktime()" will attempt to figure out whether the time is daylight
savings time or not.
Check that "mktime()" was able to convert the time.
svn path=/trunk/; revision=3487
"old_dissector_try_port()".
There are no longer any old-style heuristic or conversation dissectors,
so get rid of "old_heur_dissector_add()" and "old_conv_dissector_add()"
and the data-structure members that support old-style heuristic and
conversation dissectors.
svn path=/trunk/; revision=3478
generated code, as per Chris Foulds' note.
Also, when constructing the system ID or area string, always append the
four-octet groups, rather than overwriting them, as we had been doing.
svn path=/trunk/; revision=3414
corresponding to a named field, by matching stuff at a particular offset
in the frame, don't treat a length of 1 byte specially - the syntax for
a one-byte byte string is the same as for longer byte strings, with no
leading "0x" allowed.
Clean up white space.
svn path=/trunk/; revision=3406
argument, have it just return; this allows dissectors that don't
explicitly check for a null protocol-tree argument to pass the
protocol-tree argument to "proto_tree_add_XXX()" routines - which means
they'll get a null pointer back if the protocol-tree argument is null
because we're not constructing a protocol tree - and then later use
"proto_item_set_len()" without having to check for a null
protocol-tree-item pointer.
svn path=/trunk/; revision=3402
was specified.
This should obviate the need to handle BASE_NONE specially in the
formatting routines, so revert to the previous version.
svn path=/trunk/; revision=3359
with useful error messages. Some dissector are registering
FT_INTn or FT_UINTn fields with BASE_NONE. Now when ethereal dies
because of it the offending field will be identified so that it
can be fixed.
svn path=/trunk/; revision=3340
you have to select a base (even before this change, you had to select
one, otherwise the filter-construction GUI would crash if you selected
an FT_INTn or FT_UINTn field with BASE_NONE and then selected a
comparison operator).
svn path=/trunk/; revision=3337
status bar to display nothing, rather than "Text (text)", when a
"proto_tree_add_text()" field is selected.
While we're at it, use a similar test to eliminate the text pseudo-field
from the output of "{ethereal,tethereal} -G", as well.
svn path=/trunk/; revision=3335
and never was - there's only an Ethereal-wide "enable name resolution"
preference. Name it just "name_resolve".
Replace all tests of "g_resolving_actif" with tests of
"prefs.name_resolv", and replace all code that sets "g_resolving_actif"
with code that sets "prefs.name_resolv", so that the setting of
"prefs.name_resolv" actually affects whether names are resolved or not.
svn path=/trunk/; revision=3300
source name from "pi.compat_top_tvb", which should always be set to the
tvbuff that refers to the data that old-style dissectors are currently
working on.
Arrange that it be so set in those dissectors that create alternate data
sources and call other dissectors, and also arrange that "pi.len" and
"pi.captured_len" be set appropriately as well.
svn path=/trunk/; revision=3286
We us $(VERSION), defined in the top-level config.nmake, to replace
@VERSION@ in various files. $(RC_VERSION) and $(WTAP_VERSION) are
similarly used.
svn path=/trunk/; revision=3258
"find_last_pathname_separator()" on Win32; move the other pathname
manipulation routines from "util.c" into "epan/filesystem.c".
Remove from "util.h" the declarations of routines not defined in
"util.c", and put them into "epan/filesystem.h" if they're not already
there.
Adjust #includes to make the above work.
svn path=/trunk/; revision=3241
and "u_char" aren't declared in <sys/types.h> in Win32, you have to
include <winsock.h>, which is a pain.
Throw in some "const"s while we're at it.
svn path=/trunk/; revision=3240
"value_string.c", as they include "epan/to_str.h", and that uses "struct
timeval" in some function prototypes.
In "to_str.c", include <sys/types.h> before including <netinet/in.h>; on
at least some platforms, definitions in <netinet/in.h> require types
defined in <sys/types.h>.
In "to_str.c", include <sys/socket.h>, so that AF_INET6 is defined.
svn path=/trunk/; revision=3238
allow the passing of register_all_protocols() and
register_all_protocol_handoffs() through epan_init() to proto_init().
This allows the removal of the compile time dependence of proto.c
on register.h. Modified dftest.c, tethereal.c, and gtk/main.c to
use the new style epan_init() and depend on register.h.
svn path=/trunk/; revision=3237
dissector_handle in a static variable in packet.c. Changed dissect_packet
to call dissector from using the call_dissector() function and the cached
dissector_handle for frame_dissector. Changed the order of function
calls in epan_init() to allow for this change ( it sucks to look up
a dissector when none are registered ).
svn path=/trunk/; revision=3234
to_str.{c,h}. Resolved strange situation where ipx_addr_to_str was
declared in packet.h but defined in packet-ipx.c by moving
ipx_addr_to_str, ipxnet_to_str_punct, and ipxnet_to_str from packet-ipx.{c,h} to to_str.{c,h}
svn path=/trunk/; revision=3219
Tvbuffers changed to added the data source name,
GUI and printing code changed to support these changes
and display the multiple hex views.
svn path=/trunk/; revision=3165
In the CLNP dissector, set the source and destination network-layer and
"top-level" addresses; this will cause them to show up in the source and
destination columns of the summary display if you're showing the
network-layer or top-level address (although you'll probably have to
widen those columns significantly to see the entire address), and also
makes them available to subdissectors.
svn path=/trunk/; revision=3131
a byte in the hex dump,
1. Fix an off-by-one error when finding the field. This only showed up
if the selected byte had no field of its own and was only designated
as part of the parent protocol (like the 00-padding at the beginning of
TCP options).
2. Fix an off-by-one error when clicking on a character in the second
half of the "text dump" portion of the hex dump. I forgot about the
extra space between the first 8 characters and the second 8 characters.
svn path=/trunk/; revision=3117
routines need it.
When a user clicks on a hex digit or on the corresponding character
(the "text dump" portion) in the hex dump, find the field in the
proto_tree that the byte corresponds to, expand the GtkCTree so that
the field is viewable, select the field, and center it vertically.
LanAlyzer has this feature, and I've missed it in Ethereal.
svn path=/trunk/; revision=3096
require it. It makes more sense to either put cppmagic with lemon, or
in yet another common directory. I'll just put it with lemon.
svn path=/trunk/; revision=3083
name-server-over-IPX and mailslot-datagram-over-IPX packets, based on
stuff dredged out of a pile of documents on the Web.
svn path=/trunk/; revision=3079
take fully-prototyped function arguments with types appropriate to
"g_malloc()" and "g_free()", and change the calls to the functions
pointed to by those arguments not pass the extra __FILE__ and __LINE__
arguments.
svn path=/trunk/; revision=3039
in the output of "{ethereal,tethereal} -G", so that it appears only once
in the documentation.
Expand some comments to give more details.
svn path=/trunk/; revision=3024
the handle has been disabled, return after calling "dissect_data()",
rather than driving on and calling the dissector anyway.
svn path=/trunk/; revision=3001
strings are unsigned, so that we can hand them to "isXXX()" macros
without GCC warning us that an array subscript is "char" (as in "if this
is a character with the 8th bit set, you may not get the answer you
think you should from 'isXXX()'").
svn path=/trunk/; revision=2972
into epan/ftypes.
Re-write display filter routines using Lemon parser instead of yacc.
Besides using a different tool, the new grammar is much simpler, while
the display filter engine itself is more powerful and more easily extended.
Add dftest executable, to test display filter "bytecode" generation.
Add option to "configure" to build dftest or randpkt, both of which are not
built by default.
Implement Ed Warnicke's ideas about dranges in the new display filter and
ftype code.
Remove type FT_TEXT_ONLY in favor of FT_NONE, and have protocols registered
as FT_PROTOCOL. Thus, FT_NONE is used only for simple labels in the proto tree,
while FT_PROTOCOL is used for protocols. This was necessary for being
able to make byte slices (ranges) out of protocols, like "frame[0:3]"
Win32 Makefile.nmake's will be added tonight.
svn path=/trunk/; revision=2967
requires that the dfilter code be initialized before the plugins are
added; this required us to *re*-initialize the dfilter code after
reading in all the plugins, as the plugins may themselves have added new
filterable fields - that was a bit of a mess), and make the
"Tools->Plugins" dialog box show the new-style plugins.
svn path=/trunk/; revision=2950
plugins, as the MGCP dissector uses it.
Don't set pointers to "dfilter_init()" and "dfilter_cleanup()" in that
transfer vector, as there *aren't* any pointers to them in the transfer
vector.
svn path=/trunk/; revision=2949
be loaded and their initialization routines called in right after we
call the initialization routines for built-in dissectors, but don't call
their handoff registration routines yet, and then call the handoff
registration routines right after calling the handoff registration
routines for built-in dissectors.
Do all that in "proto_init()", rather than "epan_init()".
That way, we call all dissector registration routines together, and then
call all dissector handoff registration routines together; all the
registration routines are called before any handoff registration
routines, as is required, and, as "proto_init()" is called by
"epan_init()" before "dfilter_init()" is called, all filterable fields
have been registered before "dfilter_init()" is called, and no plugins
have to call "dfilter_init()" themselves to get their fields registered.
Remove pointers to "dfilter_init()" and "dfilter_cleanup()" from the
plugin address table, as plugins shouldn't be calling them any more, and
remove calls to them from plugins.
svn path=/trunk/; revision=2940
*future* version, not of 1.4, which is the *current* version - i.e.,
it's newer than 1.4) complains, if "dfilter-grammar.c" and
"dfilter-scanner.c" are part of "EXTRA_libethereal_a_SOURCES", that
"dfilter-grammar.o" is built both from "dfilter-grammar.c" and
"dfilter-grammar.y", and that "dfilter-scanner.o" is built both from
"dfilter-scanner.c" and "dfilter-scanner.l", and refuses to build
"Makefile.in".
Moving them to "EXTRA_DIST" makes 1.4b happy.
Automake 1.4 allows them either to be in "EXTRA_libethereal_a_SOURCES"
or in "EXTRA_DIST"; the only difference between the generated
"Makefile.in" files is which of those two variables the files are in,
and the only difference that makes is that it keeps those two files out
of "SOURCES", which means that "make ID" doesn't include them in the
files it looks at, and "make TAGS" and "make tags" don't include them in
the files they look at. I'm not sure whether the tags file should be
built from "dfilter-grammar.y" and "dfilter-scanner.l", or from
"dfilter-grammar.c" and "dfilter-scanner.c"; the former means you see
the real source file, not the generated source file, if you look for a
symbol defined in one of those files, while the latter means you can
look for symbols in code generated by YACC/Bison or Flex.
In either case, the generated files go into the distribution tarball,
which is what we want.
For now, we go with what makes Automake 1.4b happy.
svn path=/trunk/; revision=2909
It was the last dissector that used "old_call_dissector()", and
tvbuffifying it got rid of that, so get rid of "old_call_dissector()".
svn path=/trunk/; revision=2892
"{old_}dissector_try_port()", so that its value doesn't get changed out
from under a dissector that calls "{old_}dissectory_try_port()".
svn path=/trunk/; revision=2890
dissector, save the current value of "pinfo->current_proto" and restore
it before returning; when you return, you're back in the dissector that
called the routine to call a dissector, so the current protocol is the
one for that dissector. This may be important if a dissector calls a
subdissector and, after it returns, processes stuff in the packet after
the stuff dissected by the subdissectror.
This means it's safe for "dissector_try_heuristic()" to set it before
calling a heuristic dissector, as it'll put back the previous value when
it returns.
svn path=/trunk/; revision=2886
dissector is enabled and, if not, return FALSE, just as if there hadn't
been any entry for that port number in the table. If it is enabled, set
"pinfo->current_proto" from its short name before calling the dissector.
In "dissector_try_heuristic()", check whether the protocols for
dissectors are enabled and, if not, skip those dissectors, just as if
they hadn't been in the table. (We don't set "pinfo->current_proto"
before calling a dissector, as we don't know whether the dissector in
question will be the one to dissect the packet. Arguably, we should
have, for heuristic dissectors, separate "recognize" and "dissect"
routines, where the former never throws an exception and returns TRUE or
FALSE, and the latter is called only if the "recognize" routine claimed
the frame, and is just a "dissector_t" that doesn't return a value.)
In "{old_}call_dissector()", check whether the protocol for the
dissector is enabled and, if not, call "{old_}dissect_data()". if it is
enabled, set "pinfo->current_proto" from its short name before calling
the dissector.
svn path=/trunk/; revision=2861
address and a pointer to a character buffer as arguments, and puts a
printable form of the IP address into the buffer. Make "ip_to_str()"
use it.
Make "host_name_lookup()" use "ip_to_str_buf()", not "ip_to_str()", so
that it doesn't trash any strings that a dissector has gotten with
"ip_to_str()" (for example, the ARP dissector gets strings for the
source and target protocol addresses, and then may attempt to register
names for the source and target hardware addresses with
"add_ether_byip()"; if "host_name_lookup()" fails to find a host name
for the IP address, it shouldn't use "ip_to_str()" to generate an IP
address string to associate with the IP address, as if that's done twice
it'll run out of "ip_to_str()" buffers - there're only 3 of them - and
trash one of the IP address strings the ARP dissector got).
svn path=/trunk/; revision=2850
"{old_}heur_dissector_add()", "{old_}conv_dissector_add()", and
"register_dissector()", so that an entry in those tables has associated
with it the protocol index of the protocol the dissector handles (or -1,
if there is no protocol index for it).
This is for future use in a number of places.
(Arguably, "proto_register_protocol()" should take a dissector pointer
as an argument, but
1) it'd have to handle both regular and heuristic dissectors;
2) making it take either a "dissector_t" or a union of that and
a "heur_dissector_t" introduces some painful header-file
interdependencies
so I'm punting on that for now. As with other Ethereal internal APIs,
these APIs are subject to change in the future, at least until Ethereal
1.0 comes out....)
svn path=/trunk/; revision=2849
particular protocols, and which keep track of all dissectors that could
be associated with conversations using those particular protocols - for
example, the RTP and RTCP dissectors could be assigned to UDP
conversations.
This is for future use with UI features allowing the dissector for a
given conversation to be set from the UI, to allow
1) conversations between two ports, both of which have
dissectors associated with them, that have been given to the
wrong dissector to be given to the right dissector;
2) conversations between two ports, neither of which have
dissectors associated with them, to be given to a dissector
(RTP and RTCP, for example, typically run on random ports,
and if you don't have, in a capture, traffic that would say
"OK, traffic between these two hosts and ports will be RTP
traffic", you may have to tell Ethereal explicitly what
protocol the conversation is).
svn path=/trunk/; revision=2848
"prefs_register_module()" except that it takes a protocol index as
returned by "proto_register_protocol()" as its first argument, rather
than taking two character strings as arguments as its first two
arguments, and uses the protocol's abbreviation as the name to use for
preferences in the preferences file and the "-o" flag and uses the
protocol's short name as the name to use in the tabs in the
"Edit->Preferences" window.
svn path=/trunk/; revision=2812
protocols, in addition to adding structures to the list of filterable
fields. Give it an extra argument that specifies a "short name" for the
protocol, for use in such places as
pinfo->current_proto;
the dialog box for constructing filters;
the preferences tab for the protocol;
and so on (although we're not yet using it in all those places).
Make the preference name that appears in the preferences file and the
command line for the DIAMETER protocol "diameter", not "Diameter"; the
convention is that the name in question be all-lower-case.
Make some routines and variables that aren't exported static.
Update a comment in the ICP dissector to make it clear that the
dissector won't see fragments other than the first fragment of a
fragmented datagram.
svn path=/trunk/; revision=2810
Change them to use facilities in Ethereal that were probably not present
when they were originally written, e.g. routines to fetch 24-bit
integers and to dump a bunch of raw bytes in hex.
Redo them to extract data from the packet as they dissect it, rather
than extracting an entire data structure at once; that way, it may be
able to dissect a structure not all of which is in the packet.
Dissect a bit more of the type-of-service metrics etc. in OSPF packets.
Make "tvb_length_remaining()" return a "gint", not a "guint"; it returns
-1 if the offset is past the end of the tvbuff.
Add a "tvb_reported_length_remaining()" routine, similar to
"tvb_length_remaining()". Use it instead of just subtracting an offset
from "tvb_reported_length()".
svn path=/trunk/; revision=2787
NUL-terminated string, starting at a given offset. The size includes
the terminating NUL. If it doesn't find the terminating NUL, it throws
the appropriate exception, as either there's no terminating NUL in the
packet or there is but it's past the end of the captured data in the
packet.
Use that routine in the TFTP dissector. As it throws an exception if
the string isn't NUL-terminated, we can just use "%s" to print option
strings; we don't need to use "%.*s" with a string length.
svn path=/trunk/; revision=2783
replace the existing checksummer with a modified version of the BSD
checksumming code. Add a flag to the "packet_info" structure to
indicate that a packet is the first fragment of a fragmented datagram,
so that the checksummers won't try to checksum those.
(It doesn't seem to add a lot of CPU overhead, so we don't introduce a
flag to disable it, yet. Further checks may be necessary to see whether
the overhead is just swamped by other overheads when scanning through a
capture dissecting all frames, or if it truly is negligible.)
Make the Boolean preference option controlling whether to make the
top-level protocol tree item for TCP display a packet summary static to
the TCP dissector (it doesn't need to be accessible outside the TCP
dissector).
svn path=/trunk/; revision=2751
doesn't just seem to be a profiling artifact) that, at least on FreeBSD
3.4, it's significantly more efficient to clear out a column by stuffing
a '\0' into the first byte of the column data than to do so by copying a
null string (I guess when copying one byte, the fixed overhead of the
procedure call and of "strcpy()" is significant).
Have the TCP dissector set the Protocol column, and clear the Info
column, before doing anything that might cause an exception to be
thrown, so that if we *do* get an exception thrown, the frame at least
shows up as TCP.
Instead of, in the TCP dissector, constructing a string and then
stuffing it into the Info column, just append to the Info column, which
avoids one string copy.
Pass a "frame_data" pointer to dissectors for TCP and IP (and PPP)
options, so they can use it to append to the Info column.
svn path=/trunk/; revision=2744
exports it.
Make the pointer that points to the GMemChunk for per-frame data static
to "epan/packet.c", as it's not used outside "epan/packet.c".
svn path=/trunk/; revision=2741
of the search if the caller-supplied limit goes past the end of the
tvbuff - the limit should just be what remains in the tvbuff after the
specified starting offset.
In "tvb_find_line_end_unquoted()", after searching for the next
interesting character, check the value we got back from that search, in
"char_offset", not whatever happens to be in "cur_offset", to see if we
found a character.
svn path=/trunk/; revision=2719
involving "g_module_build_path()", rather than by checking the platform
- this should let us handle non-Windows platforms that don't use ".so"
(e.g., HP-UX).
Use G_DIR_SEPARATOR_S as the pathname separator character when
generating the pathname of the module.
svn path=/trunk/; revision=2712
in order to check whether to use ANSI C features such as "const".
GCC defines it as 1 even if extensions that render the implementation
non-conformant are enabled; Sun's C compiler (and, I think, other
AT&T-derived C compilers) define it as 0 if extensions that render
the implementation non-conformant are enabled; Microsoft Visual C++
6.0 doesn't define it at all if extensions that render the implementation
non-conformant are enabled.
We define it as 0 in "config.h.win32", so that those generated files will use
those features (and thus not get type warnings when compiled with
MSVC++).
svn path=/trunk/; revision=2698
can be put, and a pointer to the string for the column, which might or
might not point to that buffer.
Add a routine "col_set_str()", which sets the string for the column to
the string passed to it as an argument; it should only be handed a
static string (a string constant would be ideal). It doesn't do any
copying, so it's faster than "col_add_str()".
Make the routines that append to columns check whether the pointer to
the string for the column points to the buffer for the column and, if
not, copy the string for the column to the buffer for the column so that
you can append to it (so you can use "col_set_str()" and then use
"col_append_str()" or "col_append_fstr()").
Convert a bunch of "col_add_str()" calls that take a string constant as
an argument to "col_set_str()" calls.
Convert some "col_add_fstr()" calls that take a string constant as the
only argument - i.e., the format string doesn't have any "%" slots into
which to put strings for subsequent arguments to "col_set_str()" calls
(those calls are just like "col_add_str()" calls).
Replace an END_OF_FRAME reference in a tvbuffified dissector with a
"tvb_length(tvb)" call.
svn path=/trunk/; revision=2670
Gerald Combs